[kudu-CR] webserver: add X-Frame-Options header

Todd Lipcon (Code Review) Wed, 01 Mar 2017 15:00:35 -0800

Hello Dan Burkert,

I'd like you to do a code review.  Please visit


    http://gerrit.cloudera.org:8080/6215

to review the following change.

Change subject: webserver: add X-Frame-Options header
......................................................................

webserver: add X-Frame-Options header

This adds a default 'DENY' header in order to prevent Kudu web pages
from being put into cross-domain iframes. This can prevent clickjacking
attacks, and generally considered a good idea for web security.

See: https://www.owasp.org/index.php/Clickjacking

Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
M src/kudu/util/curl_util.cc
M src/kudu/util/curl_util.h
4 files changed, 28 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/15/6215/1
-- 
To view, visit http://gerrit.cloudera.org:8080/6215
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>

[kudu-CR] webserver: add X-Frame-Options header

Reply via email to